The University of Nottingham is the newest victim of the infamous ShinyHunters hacking group. On Wednesday, the university released a statement confirming that unauthorised individuals gained access to its Campus Solutions network- a system used to manage student records. Reportedly, the breach impacted data from the university’s China and Malaysia campuses, too, and this exposure impacts both current students and alumni.
Immediate Response
After detecting the attack on Tuesday, 9th June, the university immediately took the affected systems offline to contain the impact. While the university didn’t publicly name the perpetrators, its chief governance and risk officer, Jason Carter, stated in an internal email to students that the hackers had previously targeted a number of other organisations.
An investigation is also launched with assistance from Action Fraud and the Information Commissioner’s Office. A dedicated support line is set up by the university at 0115 74 86500 to handle student inquiries and provide updates.
What is the scope of the breach?
In its official statement, the university admitted that a “significant amount” of its student record system data was accessed “by an external third party.” Also, it confirmed the exposed data includes contact details, student ID numbers, course information, and National Insurance numbers, which are unique numbers used in the UK for tax and employment tracking.
However, before this statement, ShinyHunters had already published the alleged stolen data on their dark web leak site. Independent data breach monitoring services analysed the data and confirmed verifying around 455,000 unique email addresses along with extensive personal details.
According to the ShinyHunter’s public post on their extortion site, they have stolen more than 40GB of data as part of their “pay or leak” extortion campaign.
This includes “billing and payment records, credit card and payment details, student finance data, and campus portal exports from the University of Nottingham and its Malaysia and China campuses.”
Additionally, the group alleges stealing “payer contact information, transaction amounts, IP addresses, full names, home addresses, postcodes, email addresses, phone numbers, dates of birth, and other internal campus data” as well.
Wrong Timing
This incident’s timing is crucial since the university is already dealing with a labour dispute after notifying 2,700 staff members (a third of its workforce) about their probable redundancy over financial challenges, with the aim of cutting 600+ full-time jobs over the next three years. In response, the University and College Union members started an assessment boycott. They have refused to mark exams and assignments.
Students, especially those in the final year, are the most affected in this situation as they have to face complications arising from the data leak and the boycott. Many students were already anxious about how their degrees would be graded, and this incident has added an angle of vulnerability, as their personal details were exposed online.
(Photo by Alicja Ziaj on Unsplash)
